lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <39efdc37-88cc-34c4-ad64-2f13fd0bc4a2@cumulusnetworks.com>
Date:	Mon, 8 Aug 2016 09:27:12 -0600
From:	David Ahern <dsa@...ulusnetworks.com>
To:	Lorenzo Colitti <lorenzo@...gle.com>, netdev@...r.kernel.org
Cc:	hannes@...essinduktion.org, ek@...gle.com, davem@...emloft.net,
	hideaki.yoshifuji@...aclelinux.com
Subject: Re: [PATCH net] net: ipv6: Fix ping to link-local addresses.

On 8/8/16 1:42 AM, Lorenzo Colitti wrote:
> ping_v6_sendmsg never sets flowi6_oif, so it is not possible to
> ping an IPv6 address on a different interface. Instead, it sets
> flowi6_iif, which is incorrect but harmless. Also, it returns an
> error if a passed-in scope ID doesn't match sk_bound_dev_if.
> 
> Get rid of the error, stop setting flowi6_iif, and support
> various ways of setting oif in the same priority order used by
> udpv6_sendmsg.
> 
> Tested: https://android-review.googlesource.com/#/c/254470/
> Signed-off-by: Lorenzo Colitti <lorenzo@...gle.com>
> ---
>  net/ipv6/ping.c | 29 +++++++++++++++--------------
>  1 file changed, 15 insertions(+), 14 deletions(-)
> 
> diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
> index fed40d1..eabf1ea 100644
> --- a/net/ipv6/ping.c
> +++ b/net/ipv6/ping.c

-----8<-----

> @@ -106,16 +111,12 @@ static int ping_v6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
>  	fl6.flowi6_proto = IPPROTO_ICMPV6;
>  	fl6.saddr = np->saddr;
>  	fl6.daddr = *daddr;
> +	fl6.flowi6_oif = oif;
>  	fl6.flowi6_mark = sk->sk_mark;
>  	fl6.fl6_icmp_type = user_icmph.icmp6_type;
>  	fl6.fl6_icmp_code = user_icmph.icmp6_code;
>  	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
>  
> -	if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
> -		fl6.flowi6_oif = np->mcast_oif;
> -	else if (!fl6.flowi6_oif)
> -		fl6.flowi6_oif = np->ucast_oif;
> -
>  	ipc6.tclass = np->tclass;
>  	fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
>  
> 

That code removal is contrary to your patch description regarding flowi6_oif.

Powered by blists - more mailing lists